HTTP Headers Analysis for https://kaaiot.com

HTTP Security Headers

Status

Strict-Transport-Security

Present

max-age=63072000

Content-Security-Policy

Missing

Not configured

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Increase HSTS max-age to at least 1 year and add includeSubDomains
• Add Content-Security-Policy header to prevent XSS attacks
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

Performance Headers

3 headers

Connection

Performance

close

Transfer-Encoding

Performance

chunked

Vary

Performance

Accept-Encoding

Caching Headers

1 headers

Cache-Control

Caching

no-cache, private

Content Headers

1 headers

Content-Type

Content

text/html; charset=UTF-8

Server Headers

2 headers

Server

nginx

X-Powered-By

Server

PHP/7.1.30

CORS Headers

0 headers

No CORS headers found

Cookies Headers

1 headers

Set-Cookie

Cookies

OHuwhZDOSMH53McZKBzkf5rrejUXUyONMI8iJ7Uc=eyJpdiI6ImZFc0x3N2o3XC9HWjJMUk5NOERqV213PT0iLCJ2YWx1ZSI6InBoZEJZUXBFbE1mXC9kS1hwYm95U1NrTGFmdlwvQ1RxdkthZUZPQnJqcGcrQkI1QnFSRHhCTHl4R0hqaEZoZFwvR1JxZEdWK1wvSnV6R25LMFJHWGtSTkNtOUJqVWw1aGRFWVV4eEdwWnJ5b0VseTMzdkowZEFXRElOcXVKS2t5RklUdnFxV1NLVUtRYk4xdXJaSWtzckxBUTNISDNIeGk1SjVNWTRJNmtxUmt0XC83NGN5eG5mb09xU2I4cU5PQUlJTGd6aDk3clJ3dUloWUhpSDNvOXQ2RTVrRURiMjF4RUc2Qnk2aDF1RStSdTJWZHdVUlNoR2kxb2pCeHFDbmEzS0I4bThCTnI2UkNXU1BqTE1UU0JVcm1hZjU5ZHVRaExvSjFqeGZzWVE5OHpCeVM0U2tzY1RnS05oNXpzVFBld1JvY3pVNHdhUVJkWWp1VW1YbnNhTTkyZXpcL05zdEJcLzZxaUMyVWZucGtMdVRJcjhTcFNWd0R1QlhnT0V6NjVHSGZLcERVTE9UZklFRzloSUcxZUp1bjE1NzNKTG05eGxcL1ZVc0VYMGc3Q29Lb3ZkNzUwcjhjaTZsRHlaREs0NmN3TngwQjdYN3k5N29zXC9PNUEwWDloYyt1Rnp5Z1J1cENvVjUzT2lsODlnSUZhVldhbXlBYTFQaUpNZnpRMnczTE9PWkFUK3d3RUoyeG5YXC9DZ09iN0prQkllWWFyS3JmV2hTelNRT3owRzZodmR1MDdrRVwvMzhrR1ZVZHFDZ0NNVTFUcGc4QWp4SW4wWWFIWjlzTVwvUFdDMGV0MDJqZDh4N3pkQTRRaVdCSUorWW5tcEs4emFjelR2N2I5YXRFQWFBU2hWN1FmUDRodHBzeEhEU2t2dkc2ZUp5WDhqN1BURjV3RHpEUEdnalh0RStuZkd1K1ZQemh3SmkyOEFoaFVvN1wvTEdYUE8xUVhXMHpHWnU1UklJSXJtdEh5M3c9PSIsIm1hYyI6IjdkNTFmOGI5MjRiMDcxZmY1YmM5NWVjODJmNGY4NWRjODUzYTNiNTY2YTljZDM1ZjYxNWM0MWFkZjczYmM5NzYifQ%3D%3D; expires=Sun, 30-Nov-2025 08:03:21 GMT; Max-Age=7200; path=/; httponly

Other Headers

2 headers

Date

Other

Sun, 30 Nov 2025 06:08:03 GMT

X-Proxy-Cache

Other

MISS

Recommendations

Enable compression (gzip/brotli) to improve performance

Consider removing X-Powered-By header to hide server technology